Google is shortening the amount of time it gives to makers of vulnerable software and web services if there is imminent danger. The Google security team say that if they encounter a zero-day issue that is already being actively used for cyber attacks, it will grant the affected manufacturer just seven days grace to fix the vulnerabilities or publish an advisory with mitigation strategies for users.
After seven days, Google wants to publish details of the vulnerability in such a way that users of the vulnerable software can protect themselves from attacks. Previously, the company had given vendors sixty days before it went public with details of vulnerabilities. Google says, though, that it has found zero-day vulnerabilities being used to target a limited subset of people and this targeting makes the attack more serious than a widespread attack and more important to resolve quickly, especially where political activists are being compromised and the attacks can have "real safety implications" in some parts of the world.
Continued : http://www.h-online.com/security/news/item/Google-cuts-grace-period-for-vendors-of-vulnerable-software-1873878.html
Google Advocates 7-Day Deadline to Publicize Critical Vulnerabilities
Google: Security flaws not fixed in a week should be made public
Google defines disclosure timeline for actively exploited bugs
Your favorite shows are back!
Don’t miss your dramas, sitcoms and reality shows. Find out when and where they’re airing!